New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rbd: add additional space for encrypted volumes #4582
base: devel
Are you sure you want to change the base?
rbd: add additional space for encrypted volumes #4582
Conversation
minikube testing, Created a 1GiB block-mode pvc, and then expanded to 2GiB
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add E2E checks new size.
b7586df
to
850dd3a
Compare
/test ci/centos/mini-e2e-helm/k8s-1.28 |
850dd3a
to
357a727
Compare
/test ci/centos/mini-e2e-helm/k8s-1.28 |
29e4f91
to
4f0f3fc
Compare
/test ci/centos/mini-e2e-helm/k8s-1.28 |
@Mergifyio rebase This causes a run of the GitHub CI jobs. Logs for ci/centos/mini-e2e-helm/k8s-1.28 show that e2e passed earlier. |
4f0f3fc
to
69aeda7
Compare
✅ Branch has been successfully rebased |
227bcf0
to
a4eabb3
Compare
/test ci/centos/mini-e2e/k8s-1.28 |
7b79d41
to
ca95618
Compare
/test ci/centos/mini-e2e/k8s-1.29/test_type-rbd |
/test ci/centos/mini-e2e/k8s-1.29 |
@karthik-us, is this the correct command to run |
/test ci/centos/mini-e2e/k8s-1.29 |
ca95618
to
72252c7
Compare
/test ci/centos/mini-e2e/k8s-1.29 |
72252c7
to
9d52790
Compare
/test ci/centos/mini-e2e/k8s-1.29 |
/test ci/centos/mini-e2e/k8s-1.29 |
e2e/rbd.go
Outdated
|
||
//nolint:goconst // The string "1Gi" is used multiple times in rbd.go, so it's not a const value. | ||
pvcSize := "1Gi" | ||
imageSize := 1*helpers.GiB + util.GetLuksHeaderSize() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
check if helper is having any menthods to parse string and convert it to in that avoid bugs or else we need to remember that we need to change size in two places.
e2e/rbd.go
Outdated
} | ||
}) | ||
|
||
By("resize a encrypted block pvc and verify the image size", func() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
add the resize to above test case, lets not create the PVC and pod again
e2e/rbd_helper.go
Outdated
} | ||
|
||
if imgInfo.Size != imageSize { | ||
return fmt.Errorf("size %d does not match expected %d", imgInfo.Size, imageSize) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
return pvc name /image name which helps in debugging
internal/util/cryptsetup.go
Outdated
luks2KeySlotsSize = 32 << 8 // 8192 KiB | ||
) | ||
|
||
func GetLuksHeaderSize() int64 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
return uint64 from here, we dont need to convert int64 to uint64 in multiple places
9d52790
to
b8c9e50
Compare
/test ci/centos/mini-e2e/k8s-1.29 |
e2e/rbd.go
Outdated
resizeImageSize uint64 | ||
) | ||
pvcSize := "1Gi" | ||
if s, err := helpers.RoundUpToB(resource.MustParse(pvcSize)); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it should be err==nil
not the other way isn't it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
😀yea, missed it
Thanks!
func GetLuksHeaderSize() uint64 { | ||
size := uint64((((2 * luks2MetadataSize) + luks2KeySlotsSize) * helpers.KiB)) | ||
|
||
return size | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add unit testing for this helper?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please add unit test for it.
issue: when a block-mode pvc is created with encryption enabled there is some space reserved for the encryption metadata. Which doesn't allows users to write extact amount of data that they have requested for. solution: create pvc with extra space needed for the encryption metadata. `GetLuksHeaderSize()` function returns the luks2 encryption metadata(header size). Signed-off-by: Praveen M <m.praveen@ibm.com>
5479252
to
624153c
Compare
Signed-off-by: Praveen M <m.praveen@ibm.com>
624153c
to
d756a9d
Compare
/test ci/centos/mini-e2e/k8s-1.29 |
@@ -1984,6 +1986,115 @@ var _ = Describe("RBD", func() { | |||
} | |||
}) | |||
|
|||
By("create a encrypted block pvc and verify the image size", func() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Check snapshot process and size of created snapshot too in the same flow since we had a problem with restore?
if err != nil { | ||
framework.Failf("failed to load application: %v", err) | ||
} | ||
app.Labels = map[string]string{"app": "rbd-pod-block-encrypted"} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
labelKey:="app"
labelVal:= "rbd-pod-block-encrypted"
app.Labels = map[string]string{labelKey:labelVal}
opt := metav1.ListOptions{
LabelSelector: fmt.Sprintf("%s=%s",labelKey,labelVal)
}
using like above is less error prone, if we check it in one place we don't need to change it in other place
err = deletePVCAndApp("", f, pvc, app) | ||
if err != nil { | ||
framework.Failf("failed to delete pvc and app: %v", err) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please add E2E for PVC-PVC clone and snapshot restore as well
@@ -1067,6 +1067,7 @@ type imageInfo struct { | |||
StripeUnit int `json:"stripe_unit"` | |||
StripeCount int `json:"stripe_count"` | |||
ObjectSize int `json:"object_size"` | |||
Size int64 `json:"size"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we use uint64 here?
func GetLuksHeaderSize() uint64 { | ||
size := uint64((((2 * luks2MetadataSize) + luks2KeySlotsSize) * helpers.KiB)) | ||
|
||
return size | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please add unit test for it.
Describe what this PR does
rbd: add additional space for encrypted volumes
issue: when a block-mode pvc is created with encryption enabled
there is some space reserved for the encryption metadata.
Which doesn't allows users to write extact amount of data that
they have requested for.
solution: create pvc with extra space needed for the encryption
metadata.
GetLuksHeaderSize()
function returns the luks2encryption metadata(header size).
Related issues
Fixes: #issue_number
Checklist:
Show available bot commands
These commands are normally not required, but in case of issues, leave any of
the following bot commands in an otherwise empty comment in this PR:
/retest ci/centos/<job-name>
: retest the<job-name>
after unrelatedfailure (please report the failure too!)